Wi-Fi security flaw leaves all wireless networking vulnerable

A flaw in the Wi-Fi protocol used to connect laptops and smart devices to networks could leave wireless networking vulnerable to eavesdropping. 

The security issue was discovered by Mathy Vanhoef at the Katholieke Universiteit Leuven in Belgium. It was announced Monday morning in advance of being presented at two major conferences, but the United States Computer Emergency Response Team sent out a notice to impacted parties to be ready for the release of the research.

Vanhoef has nicknamed his discovery “KRACK” short for “key reinstallation attacks.”

Since the flaw is in the protocol, it likely affects all hardware and software that properly implement the WPA2 standard used in modern wireless networking.

{mosads}

There are a variety of different attacks, but the main one interrupts a four-step process known as a “four-way handshake” used to create a single-use encryption key to protect communications. A hacker can exploit the third step of that process to steal that encryption key. That key can be used by a hacker to listen in on all the traffic going to and from that device. 

The attack is particularly dangerous against Android and Linux devices, said Vanhoef in his write up. It is more complicated and less dangerous against other devices, but still a threat, he said. 

Vanhoef said that devices can be patched against the attack, making it imperative to update all phones, laptops and other products using Wi-Fi. 

Vanhoef ended his write-up by saying he believes more flaws in Wi-Fi will be discovered. 

He concluded his report quoting the video game character Master Chief: “I think we’re just getting started,” he wrote.